From 56455879591cd7085a4b5fad4017693c4ca240e4 Mon Sep 17 00:00:00 2001 From: Renbo Date: Thu, 20 Mar 2025 10:37:04 +0800 Subject: [PATCH 1/3] [BA] update to grafana-9.2.10-22 to #IBUUQV update to grafana-9.2.10-22 Signed-off-by: Renbo --- grafana.spec | 20 +++----------------- grafana.te | 16 ++++++++++++---- 2 files changed, 15 insertions(+), 21 deletions(-) diff --git a/grafana.spec b/grafana.spec index 5d578c5..88ae423 100644 --- a/grafana.spec +++ b/grafana.spec @@ -1,4 +1,3 @@ -%define anolis_release .0.1 # gobuild and gotest macros are not available on CentOS Stream # remove once BZ 1965292 is resolved # definitions lifted from Fedora 34 podman.spec @@ -36,7 +35,7 @@ end} Name: grafana Version: 9.2.10 -Release: 21%{anolis_release}%{?dist} +Release: 22%{?dist} Summary: Metrics dashboard and graph editor License: AGPLv3 URL: https://grafana.org @@ -124,10 +123,6 @@ BuildRequires: yarnpkg BuildRequires: openssl-devel %endif -%ifarch loongarch64 -BuildRequires: golang-vendored-golang.org -%endif - %global GRAFANA_USER %{name} %global GRAFANA_GROUP %{name} @@ -794,8 +789,6 @@ cp -p %{SOURCE8} %{SOURCE9} %{SOURCE10} SELinux # Build the frontend %if %{compile_frontend} %{SOURCE5} -# export GO111MODULE=off -go env -w GOPROXY=https://goproxy.cn %endif # Build the backend @@ -805,12 +798,6 @@ go env -w GOPROXY=https://goproxy.cn # can be removed in a future Go release export GOEXPERIMENT=boringcrypto # see grafana-X.Y.Z/pkg/build/cmd.go - -%ifarch loongarch64 -rm -rf vendor/golang.org/x/sys -cp -arp %{_datadir}/golang/vendor/golang.org/x/sys/ vendor/golang.org/x/ -%endif - export LDFLAGS="-X main.version=%{version} -X main.buildstamp=${SOURCE_DATE_EPOCH}" for cmd in grafana-cli grafana-server; do %gobuild -o %{_builddir}/bin/${cmd} ./pkg/cmd/${cmd} @@ -1034,9 +1021,8 @@ fi %{_datadir}/selinux/*/grafana.pp %changelog -* Tue Jan 21 2025 Liwei Ge 9.2.10-21.0.1 -- Use cn proxy for go build -- Support loongarch build +* Wed Feb 5 2025 Sam Feifer 9.2.10-22 +- Resolves RHEL-75921: grafana selinux issue with autofs_t * Wed Jan 15 2025 Sam Feifer 9.2.10-21 - Resolves RHEL-72881: CVE-2025-21614 diff --git a/grafana.te b/grafana.te index c4d6a50..8e1b117 100644 --- a/grafana.te +++ b/grafana.te @@ -126,6 +126,14 @@ optional_policy(` allow grafana_t postgresql_var_run_t:sock_file write; ') +optional_policy(` + require { + type autofs_t; + class dir {getattr}; + } + allow grafana_t autofs_t:dir getattr; +') + manage_dirs_pattern(grafana_t, grafana_conf_t, grafana_conf_t) manage_files_pattern(grafana_t, grafana_conf_t, grafana_conf_t) @@ -189,14 +197,14 @@ tunable_policy(`grafana_can_tcp_connect_mysql_port',` # Mysql default tcp port 3 corenet_tcp_connect_mysqld_port(grafana_t) ') -tunable_policy(`grafana_can_tcp_connect_postgresql_port',` # Postgresql default tcp port 5432 - corenet_tcp_connect_postgresql_port(grafana_t) -') - tunable_policy(`grafana_can_tcp_connect_prometheus_port',` # Prometheus default tcp port 9090 corenet_tcp_connect_websm_port(grafana_t) ') +tunable_policy(`grafana_can_tcp_connect_postgresql_port',` # Postgresql default tcp port 5432 + corenet_tcp_connect_postgresql_port(grafana_t) +') + optional_policy(` systemd_private_tmp(grafana_tmp_t) ') -- Gitee From 6d7c45ec842ed4cd3957d150b5bda9997043b5a1 Mon Sep 17 00:00:00 2001 From: songmingliang Date: Tue, 26 Apr 2022 17:07:50 +0800 Subject: [PATCH 2/3] build: use cn proxy for go build --- grafana.spec | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/grafana.spec b/grafana.spec index 88ae423..87e94ee 100644 --- a/grafana.spec +++ b/grafana.spec @@ -1,3 +1,4 @@ +%define anolis_release .0.1 # gobuild and gotest macros are not available on CentOS Stream # remove once BZ 1965292 is resolved # definitions lifted from Fedora 34 podman.spec @@ -35,7 +36,7 @@ end} Name: grafana Version: 9.2.10 -Release: 22%{?dist} +Release: 22%{anolis_release}%{?dist} Summary: Metrics dashboard and graph editor License: AGPLv3 URL: https://grafana.org @@ -789,6 +790,8 @@ cp -p %{SOURCE8} %{SOURCE9} %{SOURCE10} SELinux # Build the frontend %if %{compile_frontend} %{SOURCE5} +# export GO111MODULE=off +go env -w GOPROXY=https://goproxy.cn %endif # Build the backend @@ -1021,6 +1024,9 @@ fi %{_datadir}/selinux/*/grafana.pp %changelog +* Thu Mar 20 2025 Liwei Ge 9.2.10-22.0.1 +- Use cn proxy for go build + * Wed Feb 5 2025 Sam Feifer 9.2.10-22 - Resolves RHEL-75921: grafana selinux issue with autofs_t -- Gitee From 1350c491f8e355b1fdd0257244328c0217144203 Mon Sep 17 00:00:00 2001 From: Liwei Ge Date: Wed, 28 Dec 2022 20:40:59 +0800 Subject: [PATCH 3/3] spec: support loongarch build --- grafana.spec | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/grafana.spec b/grafana.spec index 87e94ee..9e2c7f3 100644 --- a/grafana.spec +++ b/grafana.spec @@ -124,6 +124,10 @@ BuildRequires: yarnpkg BuildRequires: openssl-devel %endif +%ifarch loongarch64 +BuildRequires: golang-vendored-golang.org +%endif + %global GRAFANA_USER %{name} %global GRAFANA_GROUP %{name} @@ -801,6 +805,12 @@ go env -w GOPROXY=https://goproxy.cn # can be removed in a future Go release export GOEXPERIMENT=boringcrypto # see grafana-X.Y.Z/pkg/build/cmd.go + +%ifarch loongarch64 +rm -rf vendor/golang.org/x/sys +cp -arp %{_datadir}/golang/vendor/golang.org/x/sys/ vendor/golang.org/x/ +%endif + export LDFLAGS="-X main.version=%{version} -X main.buildstamp=${SOURCE_DATE_EPOCH}" for cmd in grafana-cli grafana-server; do %gobuild -o %{_builddir}/bin/${cmd} ./pkg/cmd/${cmd} @@ -1026,6 +1036,7 @@ fi %changelog * Thu Mar 20 2025 Liwei Ge 9.2.10-22.0.1 - Use cn proxy for go build +- Support loongarch build * Wed Feb 5 2025 Sam Feifer 9.2.10-22 - Resolves RHEL-75921: grafana selinux issue with autofs_t -- Gitee